REMARKS

Applicant respectfully requests reconsideration. Claims 1-10, 12, 14, 15, 17-23, 25-45, 47- 
51, 53, 56 and 60-63 were previously pending in this application. By this amendment, claims 1, 15, 
18, 26, 31 and 33-39 have been amended. Claim 21 has been canceled. As a result, claims 1-10, 
12, 14, 15, 17-20, 22-23, 25-45, 47-51, 53, 56 and 60-63 are pending for examination. No new 
matter has been added. 

Interview Summary 

Applicants thank Examiner Kim for the courtesies of granting and conducting a telephone 
interview on April 28, 2009. Applicants were represented at the interview by Edmund J. Walsh 
(Reg. 32,950). 

During the interview, Applicants provided an overview of the specification and proposed 
claim amendments. The Amendments and remarks made herein may serve as a further summary of 
the interview. 

The Examiner agreed that the proposed amendments appeared to overcome the art of record, 
but that a further search may be required. 

Claim Rejections 35 U.S.C. §112 

Claim 17 was rejected for reciting "items" without antecedent basis. Applicants respectfully 
submit that changes to claims 15 and 17 provide adequate antecedent basis for the terms in claim 17 
and the rejection should be withdrawn. 

Claim Rejections Based on Prior Art 

Each of the claims has been rejected based on one or more prior art references. Applicants 
respectfully submit that each of the claims as amended recites limitations that patentably distinguish 
over the cited art, and the claims should be allowed. 

Before discussing the claims, Applicants provide a summary of some exemplary 
embodiments. Briefly, the present application describes a networked system in which items, such as 
computers, may be admitted into clean groups. Items within the clean groups may communicate 
with each other (page 2, lines 13-15; page 5, lines 9-10). 

Management of the clean group is based, at least in part, on self governance actions taken by 
the items themselves. When an item no longer qualifies for clean group membership, it removes 
itself from the clean group and may also notify the clean group server (page 2, lines 18-23; line 3- 
8). 

The system is constructed to restrict access even in a distributed network where there may be 
many thousands of ports, such as wireless ports and Ethernet ports (page 2, lines 2-6). Items gain 
admission to a clean group by performing compliance checks and sending an add request to a clean 
group server (page 3, lines 1-4,1 5). 

In some embodiments, the clean group may be maintained within a domain controller, which 
in turn specifies access to group policy objects maintained in an active directory server. One of 
those group policy objects may specify parameters for forming security associations, such as 
security associations using the IPsec protocol. By allowing only members of the clean group to 
access a group policy object, and using security associations according to the group policy object 
for communication among clean group members, communication with clean group members can be 
restricted to only other clean group members. 

With these techniques, a clean group can be formed, even though items connected to the 
network will not necessarily access the network through a choke point where quarantine 
enforcement may be located (page 5, lines 3-14; page 2, lines 1-6). Distributed control is also 
provided through self governance action by the individual items. When an item determines that it 
no longer qualifies for clean group membership, the item may remove itself from the clean group 
and optionally notify the clean group server (page 4, lines 13-19). These self governance actions 
may include erasing or hiding credentials or otherwise invalidating the clean group membership. 

The foregoing summary is provided solely for the convenience of the Examiner. However, 
it should be appreciated that each of the independent claims may not be limited in the manner 
described above. Therefore, the Examiner is requested to not rely upon the summary above for 
determining whether each of the claims distinguishes over the prior art of record, but to do so based 
solely upon the language of the claims and the arguments presented below. 

Independent Claim 1 

Claim 1 is rejected under 35 U.S.C. 102 as being anticipated by US Patent Publication 
2004/0103310 (Sobel). However, Sobel does not describe a system employing clean group 
management as described in the present application, and claim 1 now recites limitations not shown 
or suggested in Sobel, including: 

managing access to a plurality of group policy objects through an active directory 
server, each of the group policy objects being associated with a group defined by the domain 
controller, and the active directory server providing access to each of the plurality of group 
policy objects to items based on membership in a group defined by the domain controller; 
wherein: 

members of the clean group communicate using security associations; and 
a group policy object of the plurality of group policy objects comprises parameters 
for security associations used by items of the clean group, whereby communication with 
items of the clean group is restricted to other items within the clean group 

Rather than describing the use of a group policy object managed through an active directory 
server based on groups defined by a domain controller, Sobel relates to the enforcement of 
compliance of network security policies using a DHCP proxy to segregate compliant from non- 
compliant clients [0016]. The proxy intercepts requests for addresses and blocks the request from 
reaching the DHCP server [0023]. Sobel does not relate to a mechanism of restricting access to a 
clean group through the use of security associations. Nor does Sobel describe providing access to a 
group policy object that comprises parameters for communication used by items of the clean group. 

To expedite prosecution, Applicants note that claim 1, as amended, now recites limitations 
similar to those previously in claim 53. Claim 53 was rejected based on Sobel in view of US Patent 
Application 2003/0065942 to Lineman. However, Lineman also does not describe distributed clean 
group management as described in the present application. Rather, Lineman describes a software 
program that helps a computer administrator create and manage security policies (See, Abstract). 
As examples of security policies, Lineman indicates data classification levels (FIG. 4A); password 
and user-ID construction (e.g. FIG. 4B); and minimum password length (FIG. 5A). Lineman does 
not describe use of policies that "comprises parameters for security associations used by 
items of the clean group." Accordingly, even if Sobel and Lineman were combined, the 
combination would not meet this limitation of claim 1. 

Moreover, Lineman describes a policy document that is distributed to computer systems in a 
network (see, Abstract; FIG. 2, element 78). It does not describe "managing access to a 
plurality of group policy objects through an active directory server," as claimed. 

The Office Action states that official notice is taken that Active Directory enables 
IPsec configuration for secure communications between computers. While Applicants do 
not dispute that Active Directory could be used for this purpose, Applicants respectfully 
submit that the existence of such a capability is not adequate to demonstrate that one of 
skill in the art knew to use the IPsec configuration in the manner claimed. 

Thus, even if combined, the references would not teach all limitations of claim 1 
as amended and the rejection should be withdrawn. 

Independent Claim 15 

Independent claim 15 is rejected under 35 U.S.C. §103 based on Sobel in view of U.S. 
Patent 7,162,649 to Ide. As should be apparent from the discussion of Sobel in connection with 
claim 1, above, Sobel does not describe a clean group management system as in the present 
application. 

As understood, Ide is cited as teaching that the clean group comprises a group of computers 
and users. Accordingly, Ide does not cure the deficiencies of Sobel. 

As amended, claim 15 contains limitations from claim 21. To expedite prosecution, 
Applicants comment on the rejection of claim 21. In connection with that claim, the Office Action 
asserts that Sobel teaches a remove message at paragraphs 21 and 24. However, the cited passages 
describe transmission of compliance data. They do not describe either a remove message or that the 
clean group server can "remove the item from the clean group in response to the remove request." 
In fact, Sobel does not appear to disclose that a client determines its status such that it could send an 
add and a remove message. 

Thus, even if combined, the references do not teach all limitations of claim 15, and the 
rejection should be withdrawn. 

Independent Claim 26 

Independent claim 26 is rejected under 35 U.S.C. §103 based on Sobel in view of Ide. As 
described above in connection with claims 1 and 15, neither Sobel nor Ide describes a system with 
clean group management as in the present application. Accordingly, claim 26 as amended recites 
limitations not shown or suggested in the references. 

For example, claim 26 recites: "when the clean runtime object subsequently 
determines that the computer does not have the specified set of properties, performs self 
governance actions that disable the computer from communication with the clean group." 
As noted above, Sobel describes a system in which a DHCP proxy intercepts a request 
for a network address. If the request is from an unacceptable client, the client does not 
receive an address. There is no teaching of self governance actions performed by a 
client computer. Thus, even if combined, the references do not teach at least this 
limitation, and the rejection should be withdrawn. 

Independent Claim 33 

Claim 33 is rejected as anticipated by Sobel. However, independent claim 33 as amended 
contains limitations that clearly distinguish over the references. For example, claim 33 recites: 
"when the computer is a member of a clean group and it is determined that the 
computer does not have the specified set of properties, performing self governance 
action, the self governance action comprising at least one of erasing domain 
credentials, hiding domain credentials, hiding EFS keys or disabling EFS keys." 

For reasons that should be apparent from the discussion of Sobel, above, 
Sobel does not recognize the possibility of self governance action as claimed. Rather, 
Sobel describes compliance enforcement with a DHCP proxy server. Thus, claim 33 
patentably distinguishes over the cited references, and should be allowed. 

Independent Claim 39 

Claim 39 was rejected as obvious over Sobel in view of Lineman. However, as amended, 
claim 39 contains limitations not taught by either reference. For reasons that should be clear from 
the foregoing discussion of Sobel and Lineman, the references do not show or suggest limitations 
such as: "selectively providing access to a collection of IPSec communication requirements and 
parameters based on membership in the clean group maintained by the domain controller;" or 
"blocking access to the collection of IPSec communication requirements and parameters 
by items not within the clean group;" or "limiting communicating among items in the clean 
group to communication using the IPsec communication requirements, thereby quarantining 
items outside the clean group." Accordingly, claim 39 as amended patentably 
distinguishes over the cited references, and the rejection should be withdrawn. 

General Comments on Dependent Claims 

The remaining claims depend, directly or indirectly, from one of independent claims 1, 15, 
26, 33 or 39. 

Each of the dependent claims depends from a base claim that is believed to be in condition 
for allowance, and Applicants believe that it is unnecessary at this time to argue the allowability of 
each of the dependent claims individually. Applicants do not, however, necessarily concur with the 
interpretation of the dependent claims as set forth in the Office Action, nor do Applicants concur 
that the basis for the rejection of any of the dependent claims is proper. Therefore, Applicants 
reserve the right to specifically address the patentability of the dependent claims in the future, if 
deemed necessary. 

CONCLUSION 



A Notice of Allowance is respectfully requested. The Examiner is requested to call the 
undersigned at the telephone number listed below if this communication does not place the case in 
condition for allowance. 

If this response is not considered timely filed and if a request for an extension of time is 
otherwise absent, Applicant hereby requests any necessary extension of time. If there is a fee 
occasioned by this response, including an extension fee, the Director is hereby authorized to charge 
any deficiency or credit any overpayment in the fees filed, asserted to be filed or which should have 
been filed herewith to our Deposit Account No. 23/2825, under Docket No. Ml 103.70609US00. 

Dated: May 22, 2009 Respectfully submitted,